RE: [qmailtoaster] Distressing strange behavior

2020-08-17 Thread Chas Hockenbarger
Thanks Eric, I'll make that change.

-Original Message-
From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Monday, August 17, 2020 9:21 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Distressing strange behavior

In your .qmail-default file for the domain it's recommended to use 'delete' 
instead of 'bounce-no-mailbox'


On 8/17/2020 8:14 AM, Chas Hockenbarger wrote:
> Thanks, Angus.  I searched the whole system for a .forward and there aren't 
> any on the system I can find.
>
> I'm not seeing anything that is obvious here.  I appreciate all the feedback 
> and help, there were definitely suggestions made I hadn't chased yet.  I'm 
> perplexed to say the least.  I deleted all the messages from the bounce queue 
> and will see if that rectifies the situation or not.  I'm watching this 
> system like a hawk so hopefully if something that is more 'normal' looking is 
> going on I'll be able to catch it.
>
> If I find the culprit I'll absolutely update this thread.  If anyone has any 
> other ideas, I'd love to hear them as well.
>
> -Original Message-
> From: Angus McIntyre [mailto:an...@pobox.com]
> Sent: Monday, August 17, 2020 5:44 AM
> To: qmailtoaster-list@qmailtoaster.com; Chas Hockenbarger 
> Subject: Re: [qmailtoaster] Distressing strange behavior
>
> Check for a '.forward' file in '/root'?
>
> That could account for the status report going somewhere other than where 
> it's supposed to, but might not explain the other issues you're seeing.
>
> Angus
>
>
>
> Chas Hockenbarger wrote on 8/16/20 6:09 PM:
>> I just got another piece of information.  I got a failure message a
>> few hours ago to the postmaster account for this domain that a message
>> from root to root was not delivered to 5 different Gmail accounts.
>> The email was the cron.daily status report.  There is no way that
>> should be going to these Gmail accounts.  They are accounts I don’t
>> know and root at this server is supposed to go to postmaster.
>>
>> This just keeps getting weirder.
>>
>> *From:* Eric Broch [mailto:ebr...@whitehorsetc.com]
>> *Sent:* Sunday, August 16, 2020 4:13 PM
>> *To:* qmailtoaster-list@qmailtoaster.com
>> *Subject:* Re: [qmailtoaster] Distressing strange behavior
>>
>> Yes forwards can be in a .qmail file or in the vpopmail database.
>>
>> So, the bounces occurring presently, what's the originating account?
>>
>> Is there anything in your queue (# qmailctl queue)?
>>
>> On 8/16/2020 2:46 PM, Charles Hockenbarger wrote:
>>
>>  As I understand the forwards setup in qmailadmin those are in the
>>  database, right?
>>
>>  The address that was compromised hasn't sent any email since the
>>  password change.
>>
>>  I hadn't thought about looking at qmail-inject. I'll dig into
>>  watching that part of the process.
>>
>>  On Aug 16, 2020, at 3:14 PM, Eric Broch <ebr...@whitehorsetc.com> wrote:
>>
>>  How do you have your forwards set up?
>>
>>  Is there any mail in your queue?
>>
>>  If someone hacked an account on your server with forwards to
>>  gmail accounts they aren't limited to just these forwards, they
>>  also have the option in the email client to add gmail accounts
>>  in the "To:" field of the email they're sending, thus bounces
>>  from gmail accounts that aren't in your forwards file.
>>
>>  Also, qmail-inject puts mail in the queue and you'll see it in
>>  the send log.
>>
>>  On 8/16/2020 10:05 AM, Chas Hockenbarger wrote:
>>
>>  I'm hoping someone has encountered this weird behavior or
>>  something like it before and can point me down a path,
>>  because all my research has turned up nothing so far.
>>
>>  I had an email account recently get breached due to a
>>  re-used password, and that account was used to send a bunch
>>  of spam out from a server I help manage.  We changed the
>>  password on the account as soon as we found it happening and
>>  the outbound flood stopped.
>>
>>  Shortly after that, however, I started seeing a very, very
>>  strange behavior.  Sometimes, and I haven’t yet been able to
>>  identify the trigger or pattern, when users on this server
>>  send email to a forward that contains around 50 or so

RE: [qmailtoaster] Distressing strange behavior

2020-08-17 Thread Chas Hockenbarger
Thanks, Angus.  I searched the whole system for a .forward and there aren't any 
on the system I can find.

I'm not seeing anything that is obvious here.  I appreciate all the feedback 
and help, there were definitely suggestions made I hadn't chased yet.  I'm 
perplexed to say the least.  I deleted all the messages from the bounce queue 
and will see if that rectifies the situation or not.  I'm watching this system 
like a hawk so hopefully if something that is more 'normal' looking is going on 
I'll be able to catch it.

If I find the culprit I'll absolutely update this thread.  If anyone has any 
other ideas, I'd love to hear them as well.

-Original Message-
From: Angus McIntyre [mailto:an...@pobox.com] 
Sent: Monday, August 17, 2020 5:44 AM
To: qmailtoaster-list@qmailtoaster.com; Chas Hockenbarger 
Subject: Re: [qmailtoaster] Distressing strange behavior

Check for a '.forward' file in '/root'?

That could account for the status report going somewhere other than where it's 
supposed to, but might not explain the other issues you're seeing.

Angus



Chas Hockenbarger wrote on 8/16/20 6:09 PM:
> I just got another piece of information.  I got a failure message a 
> few hours ago to the postmaster account for this domain that a message 
> from root to root was not delivered to 5 different Gmail accounts.  
> The email was the cron.daily status report.  There is no way that 
> should be going to these Gmail accounts.  They are accounts I don’t 
> know and root at this server is supposed to go to postmaster.
> 
> This just keeps getting weirder.
> 
> *From:* Eric Broch [mailto:ebr...@whitehorsetc.com]
> *Sent:* Sunday, August 16, 2020 4:13 PM
> *To:* qmailtoaster-list@qmailtoaster.com
> *Subject:* Re: [qmailtoaster] Distressing strange behavior
> 
> Yes forwards can be in a .qmail file or in the vpopmail database.
> 
> So, the bounces occurring presently, what's the originating account?
> 
> Is there anything in your queue (# qmailctl queue)?
> 
> On 8/16/2020 2:46 PM, Charles Hockenbarger wrote:
> 
> As I understand the forwards setup in qmailadmin those are in the
> database, right?
> 
> The address that was compromised hasn't sent any email since the
> password change.
> 
> I hadn't thought about looking at qmail-inject. I'll dig into
> watching that part of the process.
> 
> On Aug 16, 2020, at 3:14 PM, Eric Broch <ebr...@whitehorsetc.com> wrote:
> 
> How do you have your forwards set up?
> 
> Is there any mail in your queue?
> 
> If someone hacked an account on your server with forwards to
> gmail accounts they aren't limited to just these forwards, they
> also have the option in the email client to add gmail accounts
> in the "To:" field of the email they're sending, thus bounces
> from gmail accounts that aren't in your forwards file.
> 
> Also, qmail-inject puts mail in the queue and you'll see it in
> the send log.
> 
> On 8/16/2020 10:05 AM, Chas Hockenbarger wrote:
> 
> I'm hoping someone has encountered this weird behavior or
> something like it before and can point me down a path,
> because all my research has turned up nothing so far.
> 
> I had an email account recently get breached due to a
> re-used password, and that account was used to send a bunch
> of spam out from a server I help manage.  We changed the
> password on the account as soon as we found it happening and
> the outbound flood stopped.
> 
> Shortly after that, however, I started seeing a very, very
> strange behavior.  Sometimes, and I haven’t yet been able to
> identify the trigger or pattern, when users on this server
> send email to a forward that contains around 50 or so email
> addresses (they use it like a private distribution list)
> they will get anywhere from 1-10 bounces from Gmail.  Not
> every email sent to the forward has this happen, and not
> even every email from a particular user.
> 
> The outbound spamming caused the server’s reputation to go
> in the tank with Google, and if it weren’t for that, I
> wouldn’t know this was happening, because they get the
> bounces from Gmail accounts that absolutely ARE NOT in the
> forward or part of the email chain AT ALL.
> 
> I’m kind of freaking out here because while I haven’t found
> a breach of the actual server / OS, this feels like someon

RE: [qmailtoaster] Distressing strange behavior

2020-08-16 Thread Chas Hockenbarger
There are only 2 files found.  One is in a user’s directory, and the file 
contains this line:

 

/Maildir

 

The other is in the top of the domain, labeled .qmail-default, which contains

 

| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox

 

 

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Sunday, August 16, 2020 7:40 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Distressing strange behavior

 

Do this:

# ls -la /home/vpopmail/domains/'mydomain'/postmaster/

look for a .qmail file.

In fact you could do this

# find /home/vpopmail/domains/ -name ".qmail*"

 

The .qmail is also a way to forward.

On 8/16/2020 4:49 PM, Chas Hockenbarger wrote:

So I looked at a few of the files in the bounce folder and every one of them is 
bounces back from Gmail for either bad addresses or just the reputation bounce. 

 

Is there a down side to just blowing those away?  

 

From: Remo Mattei [mailto:r...@mattei.org] 
Sent: Sunday, August 16, 2020 5:43 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Distressing strange behavior

 

BTW, I always use the -L on the qmHandle it should not change much but my 2 
cents. 

 

Remo






On Aug 16, 2020, at 3:32 PM, Chas Hockenbarger <chash...@gmail.com> wrote:

 

Yes, I did check those, that was my first thought is that the server had been 
compromised and someone modified those files to do some weird thing.   However, 

 

.qmail-root has one line @

.qmail-postmaster has one line @

.qmail-mailer-daemon has one line @

 

I see no other files in that directory.

 

One more piece of info I just discovered.  Even though qmHandle -l reports 0 
messages in either the remote or local queue, the bounce queue directory has 
over 2000 messages in it.   

 

Could that be a contributing factor here?  I don’t see how that would create 
random emails going to Gmail accounts from (seemingly) random other messages, 
but is it possible something is borked up in the queue processing there since 
Gmail is bouncing everything back to me?

 

From: Remo Mattei [mailto:r...@mattei.org] 
Sent: Sunday, August 16, 2020 5:26 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Distressing strange behavior

 

did you check your qmail aliases?

cd /var/qmail/alias/

 

what do those files say?

 







On Aug 16, 2020, at 3:10 PM, Chas Hockenbarger <chash...@gmail.com> wrote:

 

Thanks, Boheme, and yes that’s a problem, but it’s a symptom of this problem.  
Emails are going to Gmail accounts when users aren’t sending them.  Legit 
emails to Gmail accounts are definitely getting bounced, too, which I have to 
deal with later.  If I can’t stop this weird spamming to them, I can’t recover 
the reputation.

 

From: Boheme [mailto:boh...@gmail.com]
Sent: Sunday, August 16, 2020 4:59 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Distressing strange behavior

 

It doesn’t sound like you are being repeatedly hacked. It sounds like your 
reputation dropped with google, and certain emails trigger their anti-spam 
filtering now. Not all of them, just some. I have problems with Google 
accepting email regularly sometimes, and dropping other emails into people’s 
spam folders, as a result of too many of my users forwarding email to google 
and those forwards passing along a lot of spam to their addresses on my server. 

-Sent from my Pip-Boy 3000








On 17/08/2020, at 8:46 AM, Charles Hockenbarger <chash...@gmail.com> wrote:



As I understand the forwards setup in qmailadmin those are in the database, 
right?

The address that was compromised hasn't sent any email since the password 
change. 

I hadn't thought about looking at qmail-inject. I'll dig into watching that 
part of the process. 

On Aug 16, 2020, at 3:14 PM, Eric Broch <ebr...@whitehorsetc.com> wrote:

How do you have your forwards set up?

Is there any mail in your queue?

If someone hacked an account on your server with forwards to gmail accounts 
they aren't limited to just these forwards, they also have the option in the 
email client to add gmail accounts in the "To:" field of the email they're 
sending, thus bounces from gmail accounts that aren't in your forwards file.

Also, qmail-inject puts mail in the queue and you'll see it in the send log.

 

On 8/16/2020 10:05 AM, Chas Hockenbarger wrote: 

I'm hoping someone has encountered this weird behavior or something like it 
before and can point me down a path, because all my research has turned up 
nothing so far. 

  

I had an email account recently ge
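
Added example (not part of any message in this thread): a shell audit that goes one step past the `find ... -name ".qmail*"` check above by reading each file's delivery lines as dot-qmail(5) defines them, then reporting forwards that leave the domain, programs other than vdelivermail, and catch-alls still set to bounce-no-mailbox. The domain example.test, the address at gmail.example, the script path and the sample tree are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Audits .qmail* files for delivery
# instructions that send mail off the server.

# classify_line LINE: name the dot-qmail(5) instruction type of one line.
classify_line() {
    case "$1" in
        '')     echo blank ;;
        '#'*)   echo comment ;;
        '|'*)   echo program ;;
        [./]*/) echo maildir ;;   # path ending in "/" is a maildir
        [./]*)  echo mbox ;;
        *)      echo forward ;;   # "&addr", or an address starting with a letter/digit
    esac
}

# audit_dotqmail ROOT LOCAL_DOMAIN
# Prints one line per finding:
#   EXTERNAL-FORWARD file address   forward to an address outside LOCAL_DOMAIN
#   PROGRAM file line               pipe to something other than vdelivermail
#   CATCHALL-BOUNCE file            vdelivermail with bounce-no-mailbox
#                                   (the thread recommends 'delete' instead)
audit_dotqmail() {
    root=$1
    dom=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    find "$root" -type f -name '.qmail*' | sort | while IFS= read -r f; do
        while IFS= read -r line || [ -n "$line" ]; do
            kind=$(classify_line "$line")
            case "$kind" in
                forward)
                    addr=$(printf '%s' "${line#&}" | tr 'A-Z' 'a-z')
                    case "$addr" in
                        *@"$dom") ;;   # stays on this domain
                        *@*)      printf 'EXTERNAL-FORWARD %s %s\n' "$f" "$addr" ;;
                    esac ;;
                program)
                    case "$line" in
                        *vdelivermail*bounce-no-mailbox*)
                            printf 'CATCHALL-BOUNCE %s\n' "$f" ;;
                        *vdelivermail*) ;;
                        *)  printf 'PROGRAM %s %s\n' "$f" "$line" ;;
                    esac ;;
            esac
        done < "$f"
    done
}

# make_sample_tree: build a constructed vpopmail-style tree and print its path.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/example.test/alice"
    printf '%s\n' "| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox" \
        > "$d/example.test/.qmail-default"
    printf '%s\n' './Maildir/' > "$d/example.test/alice/.qmail"
    printf '%s\n' '# private list' '&bob@example.test' \
        '&unknown1@gmail.example' 'carol@Example.Test' '| /tmp/relay.sh' \
        > "$d/example.test/.qmail-list"
    echo "$d"
}

# Run against the constructed tree with: sh audit.sh --demo
if [ "${1:-}" = "--demo" ]; then
    t=$(make_sample_tree)
    audit_dotqmail "$t" example.test
    rm -rf "$t"
fi
```

On a live host, call `audit_dotqmail` once per domain directory and once for /var/qmail/alias. Forwards stored in the vpopmail database are not covered, since this reads files only.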

RE: [qmailtoaster] Distressing strange behavior

2020-08-16 Thread Chas Hockenbarger
So I looked at a few of the files in the bounce folder and every one of them is 
bounces back from Gmail for either bad addresses or just the reputation bounce. 

 

Is there a down side to just blowing those away?  

 

From: Remo Mattei [mailto:r...@mattei.org] 
Sent: Sunday, August 16, 2020 5:43 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Distressing strange behavior

 

BTW, I always use the -L on the qmHandle it should not change much but my 2 
cents. 

 

Remo





On Aug 16, 2020, at 3:32 PM, Chas Hockenbarger <chash...@gmail.com> wrote:

 

Yes, I did check those, that was my first thought is that the server had been 
compromised and someone modified those files to do some weird thing.   However, 

 

.qmail-root has one line @

.qmail-postmaster has one line @

.qmail-mailer-daemon has one line @

 

I see no other files in that directory.

 

One more piece of info I just discovered.  Even though qmHandle -l reports 0 
messages in either the remote or local queue, the bounce queue directory has 
over 2000 messages in it.   

 

Could that be a contributing factor here?  I don’t see how that would create 
random emails going to Gmail accounts from (seemingly) random other messages, 
but is it possible something is borked up in the queue processing there since 
Gmail is bouncing everything back to me?

 

From: Remo Mattei [mailto:r...@mattei.org] 
Sent: Sunday, August 16, 2020 5:26 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Distressing strange behavior

 

did you check your qmail aliases?

cd /var/qmail/alias/

 

what do those files say?

 






On Aug 16, 2020, at 3:10 PM, Chas Hockenbarger <chash...@gmail.com> wrote:

 

Thanks, Boheme, and yes that’s a problem, but it’s a symptom of this problem.  
Emails are going to Gmail accounts when users aren’t sending them.  Legit 
emails to Gmail accounts are definitely getting bounced, too, which I have to 
deal with later.  If I can’t stop this weird spamming to them, I can’t recover 
the reputation.

 

From: Boheme [mailto:boh...@gmail.com]
Sent: Sunday, August 16, 2020 4:59 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Distressing strange behavior

 

It doesn’t sound like you are being repeatedly hacked. It sounds like your 
reputation dropped with google, and certain emails trigger their anti-spam 
filtering now. Not all of them, just some. I have problems with Google 
accepting email regularly sometimes, and dropping other emails into people’s 
spam folders, as a result of too many of my users forwarding email to google 
and those forwards passing along a lot of spam to their addresses on my server. 

-Sent from my Pip-Boy 3000







On 17/08/2020, at 8:46 AM, Charles Hockenbarger <chash...@gmail.com> wrote:



As I understand the forwards setup in qmailadmin those are in the database, 
right?

The address that was compromised hasn't sent any email since the password 
change. 

I hadn't thought about looking at qmail-inject. I'll dig into watching that 
part of the process. 

On Aug 16, 2020, at 3:14 PM, Eric Broch <ebr...@whitehorsetc.com> wrote:

How do you have your forwards set up?

Is there any mail in your queue?

If someone hacked an account on your server with forwards to gmail accounts 
they aren't limited to just these forwards, they also have the option in the 
email client to add gmail accounts in the "To:" field of the email they're 
sending, thus bounces from gmail accounts that aren't in your forwards file.

Also, qmail-inject puts mail in the queue and you'll see it in the send log.

 

On 8/16/2020 10:05 AM, Chas Hockenbarger wrote: 

I'm hoping someone has encountered this weird behavior or something like it 
before and can point me down a path, because all my research has turned up 
nothing so far. 

  

I had an email account recently get breached due to a re-used password, and 
that account was used to send a bunch of spam out from a server I help manage.  
We changed the password on the account as soon as we found it happening and the 
outbound flood stopped. 

  

Shortly after that, however, I started seeing a very, very strange behavior.  
Sometimes, and I haven’t yet been able to identify the trigger or pattern, when 
users on this server send email to a forward that contains around 50 or so 
email addresses (they use it like a private distribution list) they will get 
anywhere from 1-10 bounces from Gmail.  Not every email sent to the forward has 
this happen, and not even every email from a particular user. 

  

The outbound spamming caused the server’s reputation to go in the tank 

RE: [qmailtoaster] Distressing strange behavior

2020-08-16 Thread Chas Hockenbarger
Yes, I did check those, that was my first thought is that the server had been 
compromised and someone modified those files to do some weird thing.   However, 

 

.qmail-root has one line @

.qmail-postmaster has one line @

.qmail-mailer-daemon has one line @

 

I see no other files in that directory.

 

One more piece of info I just discovered.  Even though qmHandle -l reports 0 
messages in either the remote or local queue, the bounce queue directory has 
over 2000 messages in it.   

 

Could that be a contributing factor here?  I don’t see how that would create 
random emails going to Gmail accounts from (seemingly) random other messages, 
but is it possible something is borked up in the queue processing there since 
Gmail is bouncing everything back to me?

 

From: Remo Mattei [mailto:r...@mattei.org] 
Sent: Sunday, August 16, 2020 5:26 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Distressing strange behavior

 

did you check your qmail aliases?

cd /var/qmail/alias/

 

what do those files say?

 





On Aug 16, 2020, at 3:10 PM, Chas Hockenbarger <chash...@gmail.com> wrote:

 

Thanks, Boheme, and yes that’s a problem, but it’s a symptom of this problem.  
Emails are going to Gmail accounts when users aren’t sending them.  Legit 
emails to Gmail accounts are definitely getting bounced, too, which I have to 
deal with later.  If I can’t stop this weird spamming to them, I can’t recover 
the reputation.

 

From: Boheme [mailto:boh...@gmail.com] 
Sent: Sunday, August 16, 2020 4:59 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Distressing strange behavior

 

It doesn’t sound like you are being repeatedly hacked. It sounds like your 
reputation dropped with google, and certain emails trigger their anti-spam 
filtering now. Not all of them, just some. I have problems with Google 
accepting email regularly sometimes, and dropping other emails into people’s 
spam folders, as a result of too many of my users forwarding email to google 
and those forwards passing along a lot of spam to their addresses on my server. 

-Sent from my Pip-Boy 3000






On 17/08/2020, at 8:46 AM, Charles Hockenbarger <chash...@gmail.com> wrote:



As I understand the forwards setup in qmailadmin those are in the database, 
right?

The address that was compromised hasn't sent any email since the password 
change. 

I hadn't thought about looking at qmail-inject. I'll dig into watching that 
part of the process. 

On Aug 16, 2020, at 3:14 PM, Eric Broch <ebr...@whitehorsetc.com> wrote:

How do you have your forwards set up?

Is there any mail in your queue?

If someone hacked an account on your server with forwards to gmail accounts 
they aren't limited to just these forwards, they also have the option in the 
email client to add gmail accounts in the "To:" field of the email they're 
sending, thus bounces from gmail accounts that aren't in your forwards file.

Also, qmail-inject puts mail in the queue and you'll see it in the send log.

 

On 8/16/2020 10:05 AM, Chas Hockenbarger wrote: 

I'm hoping someone has encountered this weird behavior or something like it 
before and can point me down a path, because all my research has turned up 
nothing so far. 

  

I had an email account recently get breached due to a re-used password, and 
that account was used to send a bunch of spam out from a server I help manage.  
We changed the password on the account as soon as we found it happening and the 
outbound flood stopped. 

  

Shortly after that, however, I started seeing a very, very strange behavior.  
Sometimes, and I haven’t yet been able to identify the trigger or pattern, when 
users on this server send email to a forward that contains around 50 or so 
email addresses (they use it like a private distribution list) they will get 
anywhere from 1-10 bounces from Gmail.  Not every email sent to the forward has 
this happen, and not even every email from a particular user. 

  

The outbound spamming caused the server’s reputation to go in the tank with 
Google, and if it weren’t for that, I wouldn’t know this was happening, because 
they get the bounces from Gmail accounts that absolutely ARE NOT in the forward 
or part of the email chain AT ALL. 

  

I’m kind of freaking out here because while I haven’t found a breach of the 
actual server / OS, this feels like someone has been able to inject something 
somewhere into my server that I simply can’t find.  It is especially troubling 
because a user who is not on this domain, but is part of the group and 
therefore uses the forward from time to time, sent something to the forward 
today and got Gmail bounces.

  

I don’t see anything in the send log that shows the server even trying t

RE: [qmailtoaster] Distressing strange behavior

2020-08-16 Thread Chas Hockenbarger
Thanks, Boheme, and yes that’s a problem, but it’s a symptom of this problem.  
Emails are going to Gmail accounts when users aren’t sending them.  Legit 
emails to Gmail accounts are definitely getting bounced, too, which I have to 
deal with later.  If I can’t stop this weird spamming to them, I can’t recover 
the reputation.

 

From: Boheme [mailto:boh...@gmail.com] 
Sent: Sunday, August 16, 2020 4:59 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Distressing strange behavior

 

It doesn’t sound like you are being repeatedly hacked. It sounds like your 
reputation dropped with google, and certain emails trigger their anti-spam 
filtering now. Not all of them, just some. I have problems with Google 
accepting email regularly sometimes, and dropping other emails into people’s 
spam folders, as a result of too many of my users forwarding email to google 
and those forwards passing along a lot of spam to their addresses on my server. 

-Sent from my Pip-Boy 3000





On 17/08/2020, at 8:46 AM, Charles Hockenbarger <chash...@gmail.com> wrote:



As I understand the forwards setup in qmailadmin those are in the database, 
right?

The address that was compromised hasn't sent any email since the password 
change. 

I hadn't thought about looking at qmail-inject. I'll dig into watching that 
part of the process. 

On Aug 16, 2020, at 3:14 PM, Eric Broch <ebr...@whitehorsetc.com> wrote:

How do you have your forwards set up?

Is there any mail in your queue?

If someone hacked an account on your server with forwards to gmail accounts 
they aren't limited to just these forwards, they also have the option in the 
email client to add gmail accounts in the "To:" field of the email they're 
sending, thus bounces from gmail accounts that aren't in your forwards file.

Also, qmail-inject puts mail in the queue and you'll see it in the send log.

 

On 8/16/2020 10:05 AM, Chas Hockenbarger wrote: 

I'm hoping someone has encountered this weird behavior or something like it 
before and can point me down a path, because all my research has turned up 
nothing so far. 

  

I had an email account recently get breached due to a re-used password, and 
that account was used to send a bunch of spam out from a server I help manage.  
We changed the password on the account as soon as we found it happening and the 
outbound flood stopped. 

  

Shortly after that, however, I started seeing a very, very strange behavior.  
Sometimes, and I haven’t yet been able to identify the trigger or pattern, when 
users on this server send email to a forward that contains around 50 or so 
email addresses (they use it like a private distribution list) they will get 
anywhere from 1-10 bounces from Gmail.  Not every email sent to the forward has 
this happen, and not even every email from a particular user. 

  

The outbound spamming caused the server’s reputation to go in the tank with 
Google, and if it weren’t for that, I wouldn’t know this was happening, because 
they get the bounces from Gmail accounts that absolutely ARE NOT in the forward 
or part of the email chain AT ALL. 

  

I’m kind of freaking out here because while I haven’t found a breach of the 
actual server / OS, this feels like someone has been able to inject something 
somewhere into my server that I simply can’t find.  It is especially troubling 
because a user who is not on this domain, but is part of the group and 
therefore uses the forward from time to time, sent something to the forward 
today and got Gmail bounces.

  

I don’t see anything in the send log that shows the server even trying to send 
to Gmail, which only adds to the ghost story. 

  

Any ideas, paths to go down, anything would be greatly appreciated here.  I’m 
about to just rebuild the whole thing from scratch on a new VM, but if I’m 
overlooking something simple don’t want to put the users through that. 

  

Thanks in advance. 

  

Chas 



RE: [qmailtoaster] Distressing strange behavior

2020-08-16 Thread Chas Hockenbarger
I just got another piece of information.  I got a failure message a few hours 
ago to the postmaster account for this domain that a message from root to root 
was not delivered to 5 different Gmail accounts.  The email was the cron.daily 
status report.  There is no way that should be going to these Gmail accounts.  
They are accounts I don’t know and root at this server is supposed to go to 
postmaster.

 

This just keeps getting weirder.

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Sunday, August 16, 2020 4:13 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Distressing strange behavior

 

Yes forwards can be in a .qmail file or in the vpopmail database.

So, the bounces occurring presently, what's the originating account?

Is there anything in your queue (# qmailctl queue)?

 

On 8/16/2020 2:46 PM, Charles Hockenbarger wrote:

As I understand the forwards setup in qmailadmin those are in the database, 
right?

The address that was compromised hasn't sent any email since the password 
change. 

I hadn't thought about looking at qmail-inject. I'll dig into watching that 
part of the process. 

On Aug 16, 2020, at 3:14 PM, Eric Broch <ebr...@whitehorsetc.com> wrote:

How do you have your forwards set up?

Is there any mail in your queue?

If someone hacked an account on your server with forwards to gmail accounts 
they aren't limited to just these forwards, they also have the option in the 
email client to add gmail accounts in the "To:" field of the email they're 
sending, thus bounces from gmail accounts that aren't in your forwards file.

Also, qmail-inject puts mail in the queue and you'll see it in the send log.

 

On 8/16/2020 10:05 AM, Chas Hockenbarger wrote: 

I'm hoping someone has encountered this weird behavior or something like it 
before and can point me down a path, because all my research has turned up 
nothing so far. 

  

I had an email account recently get breached due to a re-used password, and 
that account was used to send a bunch of spam out from a server I help manage.  
We changed the password on the account as soon as we found it happening and the 
outbound flood stopped. 

  

Shortly after that, however, I started seeing a very, very strange behavior.  
Sometimes, and I haven’t yet been able to identify the trigger or pattern, when 
users on this server send email to a forward that contains around 50 or so 
email addresses (they use it like a private distribution list) they will get 
anywhere from 1-10 bounces from Gmail.  Not every email sent to the forward has 
this happen, and not even every email from a particular user. 

  

The outbound spamming caused the server’s reputation to go in the tank with 
Google, and if it weren’t for that, I wouldn’t know this was happening, because 
they get the bounces from Gmail accounts that absolutely ARE NOT in the forward 
or part of the email chain AT ALL. 

  

I’m kind of freaking out here because while I haven’t found a breach of the 
actual server / OS, this feels like someone has been able to inject something 
somewhere into my server that I simply can’t find.  It is especially troubling 
because a user who is not on this domain, but is part of the group and 
therefore uses the forward from time to time, sent something to the forward 
today and got Gmail bounces.

  

I don’t see anything in the send log that shows the server even trying to send 
to Gmail, which only adds to the ghost story. 

  

Any ideas, paths to go down, anything would be greatly appreciated here.  I’m 
about to just rebuild the whole thing from scratch on a new VM, but if I’m 
overlooking something simple don’t want to put the users through that. 

  

Thanks in advance. 

  

Chas 
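
Added example (not part of any message in this thread): one way to answer "what's the originating account?" from the qmail-send log, by joining each `starting delivery ... to remote` line to the `info msg` line that records the envelope sender and the uid that queued the message. The log lines, addresses, message numbers and uids below are constructed; pass the path of your own send log as the first argument.

```shell
#!/bin/sh
# Added example, not from the thread. Groups remote deliveries to one
# recipient domain by the envelope sender and queueing uid of the message.

# trace_remote LOGFILE DOMAIN
# Output: "<count> <sender> uid=<uid>", highest count first.
trace_remote() {
    awk -v dom="$2" '
        # Drop a leading multilog tai64n stamp ("@" plus hex) if present.
        { sub(/^@[0-9a-f]+ /, "") }

        # info msg N: bytes B from <sender> qp P uid U
        # qmail reuses message numbers, so the latest info line wins.
        $1 == "info" && $2 == "msg" {
            id = $3; sub(/:$/, "", id)
            from[id] = $7; uid[id] = $NF
        }

        # starting delivery D: msg N to remote rcpt@domain
        $1 == "starting" && $7 == "remote" {
            n = split(tolower($8), parts, "@")
            if (n == 2 && parts[2] == tolower(dom)) {
                id = $5
                if (id in from) key = from[id] " uid=" uid[id]
                else            key = "<unknown> uid=?"
                hits[key]++
            }
        }

        END { for (k in hits) print hits[k], k }
    ' "$1" | sort -k1,1nr -k2
}

# make_sample_log: write a constructed qmail-send log and print its path.
make_sample_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
@400000005f39a1b10a000001 new msg 131075
@400000005f39a1b10a000002 info msg 131075: bytes 2210 from <list-member@example.test> qp 4021 uid 89
@400000005f39a1b10a000003 starting delivery 41: msg 131075 to remote bob@other.example
@400000005f39a1b10a000004 starting delivery 42: msg 131075 to remote unknown1@gmail.example
@400000005f39a1b10a000005 starting delivery 43: msg 131075 to remote Unknown2@Gmail.Example
@400000005f39a1b10a000006 end msg 131075
@400000005f39a1b20a000001 new msg 131090
@400000005f39a1b20a000002 info msg 131090: bytes 5120 from <root@mail.example.test> qp 4400 uid 0
@400000005f39a1b20a000003 starting delivery 44: msg 131090 to local example.test-postmaster@example.test
@400000005f39a1b20a000004 starting delivery 45: msg 131090 to remote unknown3@gmail.example
@400000005f39a1b20a000005 end msg 131090
EOF
    echo "$f"
}

# Run against the constructed log with: sh trace.sh --demo
if [ "${1:-}" = "--demo" ]; then
    log=$(make_sample_log)
    trace_remote "$log" gmail.example
    rm -f "$log"
fi
```

A sender and uid pair that nobody on the server recognises as their own traffic is the thing to chase. If the recipient domain never appears in a `starting delivery` line, the bounced mail did not leave through this queue.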



RE: [qmailtoaster] Distressing strange behavior

2020-08-16 Thread Chas Hockenbarger
Thanks Eric and Remo, I appreciate the assistance. 

 

I’d forgotten about the simscan setting for the cdb to up the logging, it’s 
been a LONG time since I’ve had to do that.

 

My queue is empty.  Nothing clogged up, it’s not residual stuff; that said, I’m 
watching it pretty closely right now.

 

No .qmail files.  I logged into the db and looked – the forward is all in the 
database, and I don’t have any .qmail files that I can find outside of the skel 
folder.  My users aren’t ‘real’ users on the system, they’re all virtual users.

 

Part of the problem is that the bouncing from Gmail has happened to different 
users at different times, and at other times it doesn’t happen to them.  It is 
so very bizarre.  Hopefully with an increased logging level I can find enough 
to trace this down to its actual origins.  

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Sunday, August 16, 2020 4:13 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Distressing strange behavior

 

Yes forwards can be in a .qmail file or in the vpopmail database.

So, the bounces occurring presently, what's the originating account?

Is there anything in your queue (# qmailctl queue)?

 

On 8/16/2020 2:46 PM, Charles Hockenbarger wrote:

As I understand the forwards setup in qmailadmin those are in the database, 
right?

The address that was compromised hasn't sent any email since the password 
change. 

I hadn't thought about looking at qmail-inject. I'll dig into watching that 
part of the process. 


On Aug 16, 2020, at 3:14 PM, Eric Broch <ebr...@whitehorsetc.com> wrote:

How do you have your forwards set up?

Is there any mail in your queue?

If someone hacked an account on your server with forwards to gmail accounts 
they aren't limited to just these forwards, they also have the option in the 
email client to add gmail accounts in the "To:" field of the email they're 
sending, thus bounces from gmail accounts that aren't in your forwards file.

Also, qmail-inject puts mail in the queue and you'll see it in the send log.

 

On 8/16/2020 10:05 AM, Chas Hockenbarger wrote: 

I'm hoping someone has encountered this weird behavior or something like it 
before and can point me down a path, because all my research has turned up 
nothing so far. 

  

I had an email account recently get breached due to a re-used password, and 
that account was used to send a bunch of spam out from a server I help manage.  
We changed the password on the account as soon as we found it happening and the 
outbound flood stopped. 

  

Shortly after that, however, I started seeing a very, very strange behavior.  
Sometimes, and I haven’t yet been able to identify the trigger or pattern, when 
users on this server send email to a forward that contains around 50 or so 
email addresses (they use it like a private distribution list) they will get 
anywhere from 1-10 bounces from Gmail.  Not every email sent to the forward has 
this happen, and not even every email from a particular user. 

  

The outbound spamming caused the server’s reputation to go in the tank with 
Google, and if it weren’t for that, I wouldn’t know this was happening, because 
they get the bounces from Gmail accounts that absolutely ARE NOT in the forward 
or part of the email chain AT ALL. 

  

I’m kind of freaking out here because while I haven’t found a breach of the 
actual server / OS, this feels like someone has been able to inject something 
somewhere into my server that I simply can’t find.  It is especially troubling 
because a user who is not on this domain, but is part of the group and 
therefore uses the forward from time to time, sent something to the forward 
today and got Gmail bounces.

  

I don’t see anything in the send log that shows the server even trying to send 
to Gmail, which only adds to the ghost story. 

  

Any ideas, paths to go down, anything would be greatly appreciated here.  I’m 
about to just rebuild the whole thing from scratch on a new VM, but if I’m 
overlooking something simple don’t want to put the users through that. 

  

Thanks in advance. 

  

Chas 



[qmailtoaster] Distressing strange behavior

2020-08-16 Thread Chas Hockenbarger
I'm hoping someone has encountered this weird behavior or something like it
before and can point me down a path, because all my research has turned up
nothing so far.

 

I had an email account recently get breached due to a re-used password, and
that account was used to send a bunch of spam out from a server I help
manage.  We changed the password on the account as soon as we found it
happening and the outbound flood stopped.

 

Shortly after that, however, I started seeing a very, very strange behavior.
Sometimes, and I haven't yet been able to identify the trigger or pattern,
when users on this server send email to a forward that contains around 50 or
so email addresses (they use it like a private distribution list) they will
get anywhere from 1-10 bounces from Gmail.  Not every email sent to the
forward has this happen, and not even every email from a particular user.

 

The outbound spamming caused the server's reputation to go in the tank with
Google, and if it weren't for that, I wouldn't know this was happening,
because they get the bounces from Gmail accounts that absolutely ARE NOT in
the forward or part of the email chain AT ALL.

 

I'm kind of freaking out here because while I haven't found a breach of the
actual server / OS, this feels like someone has been able to inject
something somewhere into my server that I simply can't find.  It is
especially troubling because a user who is not on this domain, but is part
of the group and therefore uses the forward from time to time, sent
something to the forward today and got Gmail bounces.   

 

I don't see anything in the send log that shows the server even trying to
send to Gmail, which only adds to the ghost story.

 

Any ideas, paths to go down, anything would be greatly appreciated here.
I'm about to just rebuild the whole thing from scratch on a new VM, but if
I'm overlooking something simple don't want to put the users through that.

 

Thanks in advance.

 

Chas
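
The send-log check this thread keeps returning to, as an added example that is not part of any post above: it pairs each `starting delivery` line for a remote gmail.com recipient with the `info msg` line that records the envelope sender and the uid that queued the message. The log excerpt, addresses and uid values are constructed; the parser assumes the stock qmail-send log line layout and forgets a message number on `end msg`, because qmail reuses those numbers.

```python
import re
from collections import Counter

# Constructed qmail-send log excerpt: timestamps, addresses, IPs and uids are made up.
SAMPLE_LOG = """\
@4000000000000001 new msg 1001
@4000000000000002 info msg 1001: bytes 2210 from <alice@example.org> qp 4100 uid 89
@4000000000000003 starting delivery 1: msg 1001 to local example.org-group@example.org
@4000000000000004 delivery 1: success: did_0+1+0/
@4000000000000005 end msg 1001
@4000000000000006 new msg 1002
@4000000000000007 info msg 1002: bytes 2390 from <alice@example.org> qp 4105 uid 89
@4000000000000008 starting delivery 2: msg 1002 to remote bob@example.net
@4000000000000009 starting delivery 3: msg 1002 to remote member1@gmail.com
@400000000000000a delivery 2: success: 192.0.2.10_accepted_message./
@400000000000000b delivery 3: success: 192.0.2.20_accepted_message./
@400000000000000c end msg 1002
@400000000000000d new msg 1001
@400000000000000e info msg 1001: bytes 5120 from <root@mail.example.org> qp 4200 uid 0
@400000000000000f starting delivery 4: msg 1001 to remote stranger1@gmail.com
@4000000000000010 starting delivery 5: msg 1001 to remote stranger2@gmail.com
@4000000000000011 delivery 4: failure: 192.0.2.20_does_not_like_recipient./
@4000000000000012 delivery 5: deferral: Connected_to_192.0.2.20_but_connection_died./
"""

INFO = re.compile(r"info msg (\d+): bytes \d+ from <([^>]*)> qp \d+ uid (\d+)")
START = re.compile(r"starting delivery (\d+): msg (\d+) to (local|remote) (\S+)")
DONE = re.compile(r"delivery (\d+): (success|failure|deferral):")
END = re.compile(r"end msg (\d+)")


def remote_deliveries(log_text, domain="gmail.com"):
    """Return one record per remote delivery attempt to `domain`,
    joined with the sender and uid of the message it belongs to."""
    msgs = {}        # msg number -> (envelope sender, uid) while the message is queued
    open_deliv = {}  # delivery number -> record still waiting for its result line
    hits = []
    suffix = "@" + domain.lower()
    for line in log_text.splitlines():
        m = INFO.search(line)
        if m:
            # An empty envelope sender (<>) marks a bounce generated by the server.
            msgs[m.group(1)] = (m.group(2) or "<>", int(m.group(3)))
            continue
        m = START.search(line)
        if m:
            deliv, msg, kind, rcpt = m.groups()
            if kind == "remote" and rcpt.lower().endswith(suffix):
                sender, uid = msgs.get(msg, ("?", None))
                rec = {"msg": msg, "sender": sender, "uid": uid,
                       "recipient": rcpt, "result": "pending"}
                open_deliv[deliv] = rec
                hits.append(rec)
            continue
        m = DONE.search(line)
        if m and m.group(1) in open_deliv:
            open_deliv.pop(m.group(1))["result"] = m.group(2)
            continue
        m = END.search(line)
        if m:
            # Message numbers are reused, so drop the mapping once the message is done.
            msgs.pop(m.group(1), None)
    return hits


def summarize(hits):
    """Count matching deliveries per (envelope sender, injecting uid)."""
    return dict(Counter((h["sender"], h["uid"]) for h in hits))


if __name__ == "__main__":
    for h in remote_deliveries(SAMPLE_LOG):
        print(h["recipient"], "from", h["sender"], "uid", h["uid"], "->", h["result"])
    print(summarize(remote_deliveries(SAMPLE_LOG)))
```

Run against the real send log, an empty result agrees with "nothing in the send log", while a hit whose sender or uid is unexpected points at whatever queued that message.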



[qmailtoaster] CentOS 6 scripts?

2013-04-16 Thread Chas Hockenbarger
I've searched the wiki and gotten zero results for the page Dan references
in a couple of posts for his CentOS 6 scripts.  I also don't find any script
on mirror4.  Apologies if I'm just blind or looking in the wrong place.

 

Have these been taken down?  I have to move a server to new hardware and
standardization requirements force me to go to CentOS 6 so I was hoping to
use these rather than having to go build a non-toaster qmail server from
scratch (I've gotten spoiled by the toaster!).

 

Thanks

 

Chas

 



[qmailtoaster] 'New' packages at Devel site?

2008-01-17 Thread chas
Hello,
  I noticed that there are many new packages available for download at the
development site but the version numbers look the same as the old ones.
Are these really different or newer??

thanks,
Chas.


-
 QmailToaster hosted by: VR Hosted http://www.vr.org
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [qmailtoaster] mailerdeamon spam

2007-08-20 Thread chas
Go into qmailadmin for your domain and set it to 'catch all email deleted'
as opposed to catchall bounced.

Chas/.

 Since my reinstall I have been getting hit with a lot of mailer daemon
 hits (1 every 5 min) about having a bad address and the email bounced.
   Before, I had it auto reject and not send out an email.  Could
 someone point me in the right direction on this 1?  I'm having a major
 brain fart.




Re: [qmailtoaster] sa-update html::parser error

2007-08-17 Thread chas
Probably caused by the fact that the dev version of Spamassassin didn't
properly install (compile, actually) and won't stay up. You will need to
add some of the Rpmfind versions of the missing perl modules or install
the old version of Spamassassin if you need to get things up quickly.
I was finally able to upgrade to the newer version of SA on my CentOS 4.5
machine by just adding a few of those Rpmfind modules;
perl-Archive-Tar-1.32-1.el4.rf.noarch.rpm
perl-HTML-Parser-3.55-1.el4.rf.i386.rpm
perl-IO-Zlib-1.05-1.el4.rf.noarch.rpm
You will see errors at the end of the compile and also when you try to
install that will tell you which ones are needed. Just be sure to use the
proper method to compile first and then install SA, ie;
rpmbuild --rebuild --with cnt40 (your .src.rpm package)
followed by;
rpm -Uvh (your .rpm package)

Chas



 Hi!
 Fresh CentOS 4.5 qmail toaster with all qmt packages + newest ones from
 dev
 side.
 I also added perl libs manually from cpan that the new spamassassin
 needed.
 Installed saupdate from qtp but got errors and same ones comes now from
 nightly cronjob too:

 /etc/cron.daily/qtp-sa-update:

 HTML::Parser version 3.43 required--this is only version 3.35 at
 /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm line 26.
 BEGIN failed--compilation aborted at
 /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/HTML.pm line 26.
 Compilation failed in require at
 /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Message/Node.pm line
 42.
 BEGIN failed--compilation aborted at
 /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Message/Node.pm line
 42.
 Compilation failed in require at
 /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Message.pm line 49.
 BEGIN failed--compilation aborted at
 /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Message.pm line 49.
 Compilation failed in require at
 /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin.pm line 73.
 BEGIN failed--compilation aborted at
 /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin.pm line 73.
 Compilation failed in require at /usr/bin/sa-update line 85.
 BEGIN failed--compilation aborted at /usr/bin/sa-update line 85.

 qmailctl stat:
 authlib: up (pid 3253) 162685 seconds
 clamd: up (pid 3266) 162685 seconds
 imap4: up (pid 3263) 162685 seconds
 imap4-ssl: up (pid 3279) 162685 seconds
 pop3: up (pid 3254) 162685 seconds
 pop3-ssl: up (pid 3285) 162685 seconds
 send: up (pid 3278) 162685 seconds
 smtp: up (pid 3267) 162685 seconds
 spamd: up (pid 6562) 1 seconds
 submission: up (pid 3255) 162685 seconds
 authlib/log: up (pid 3252) 162685 seconds
 clamd/log: up (pid 3273) 162685 seconds
 imap4/log: up (pid 3264) 162685 seconds
 imap4-ssl/log: up (pid 3277) 162685 seconds
 pop3/log: up (pid 3256) 162685 seconds
 pop3-ssl/log: up (pid 3265) 162685 seconds
 send/log: up (pid 3283) 162685 seconds
 smtp/log: up (pid 3268) 162685 seconds
 spamd/log: up (pid 3261) 162685 seconds
 submission/log: up (pid 3271) 162685 seconds

 --
 ___
   T o m m i J a r v i l e h t
 o
   DataVahti OY
 www.datavahti.fi






Re: [qmailtoaster] spamassassin-toaster-3.2.1 ?

2007-08-13 Thread chas
Hi,
  I'm running just plain x86 (non 64) and still having issues even when
using the --nodeps trick. It will install using nodeps but won't stay
running so email fails. I think I need to use the recently mentioned
rpmfind source for my perl updates.

Chas.

 All my perl modules are up to date, yet am getting the same
 dependencies messages. Installing with --nodeps will do the trick,
 though I suspect it is because I am running on x86_64 architecture.

 How about you, Chas, what architecture are you running on?

 Harry


 On Jul 11, 2007, at 5:39 PM, Adam Cantwell wrote:

 Yes, there are a couple additional Perl modules you need for 3.2.1.
 Look at the QMT CentOS 5 Perl script:

 http://www.qmailtoaster.com/centos/cnt50/cnt50-perl.sh

 and it has them in there, I believe.  I upgraded all of the Perl
 modules mentioned in that script when I installed 3.2.1 so that
 everything was current.


 Harry Zink: Macintosh Systems Consultant at Zink Different
 contact | [EMAIL PROTECTED] - USA mobile:(213) 820-0408 |
 aim:[EMAIL PROTECTED]
 Worldwide Mac support - Vienna/Austria • Los Angeles/USA • Bangkok/
 Thailand
 Apple's iPhone - more than just a mobile phone! I GOT MINE!









[qmailtoaster] spamassassin-toaster-3.2.1 ?

2007-07-11 Thread chas
Hello,
   Just curious, has anyone been able to successfully upgrade to
spamassassin-toaster-3.2.1 from the development site?

regards,
Chas





Re: [qmailtoaster] spamassassin-toaster-3.2.1 ?

2007-07-11 Thread chas
Adam and Johannes,
   Thanks for replying. Were there any issues with installed Perl modules,
etc? I have tried twice to upgrade and had to go back to the earlier
version both times. I'm running CentOS 4.5 and the latest (non-dev) qmt
files.

thanks,
Chas.

 Running it on several machines here.  Some upgraded, some fresh
 installs.  I have not had any problems.

 Adam

 Johannes Weberhofer, Weberhofer GmbH wrote:
 At one of my servers it is running for a month without any problems.

 Johannes


 [EMAIL PROTECTED] schrieb:
 Hello,
Just curious, has anyone been able to successfully upgrade to
 spamassassin-toaster-3.2.1 from the development site?

 regards,
 Chas





Re: [qmailtoaster] spamassassin-toaster-3.2.1 Failed dependencies

2007-06-24 Thread chas
Same problem here though I was able to force a '--nodeps' install of
3.2.1. I had to go back to the earlier version, though, because spamd kept
failing to start properly. I wonder if the newer version is looking at
Centos rpm versions of perl modules and not the Cpan ones. I also tried
updating via Cpan and still couldn't get it working.

Chas.

 Hi list,

 I try to use spamassassin-toaster-3.2.1 from
 http://devel.qmailtoaster.com/download/develop/spamassassin-toaster-3.2.1-1.3.10.src.rpm

 #rpmbuild --rebuild --with cnt40 spamassassin-toaster-3.2.1-1.3.10.src.rpm
  #qmailctl stop
 # rpm -e --nodeps  spamassassin-toaster

 # rpm -Uhv
 /usr/src/redhat/RPMS/i386/spamassassin-toaster-3.2.1-1.3.10.i386.rpm
 error: Failed dependencies:
 perl(Archive::Tar) = 1.23 is needed by
 spamassassin-toaster-3.2.1-1.3.10.i386
 perl(HTML::Parser) = 3.43 is needed by
 spamassassin-toaster-3.2.1-1.3.10.i386
 perl(IO::Zlib) = 1.04 is needed by
 spamassassin-toaster-3.2.1-1.3.10.i386

 .
 Archive::Tar is up to date (1.32)
 HTML::Parser is up to date (3.56)
 IO::Zlib is up to date (1.05)

 installing via CPAN.
 -
 After reinstalling spamassassin-toaster-3.1.8-1.3.7  my server is o.k.
 Any idea?

 Thanks,

 Constantin


 My OS is centos-release-4-3.2

 #rpm -qa | grep toaster
 courier-imap-toaster-3.0.8-1.2.8
 maildrop-toaster-devel-1.8.1-1.2.9
 qmail-toaster-1.03-1.2.9
 control-panel-toaster-0.5-1.2.7
 qmailmrtg-toaster-4.2-1.2.7
 vqadmin-toaster-2.3.4-1.2.11
 simscan-toaster-1.1-1.2.5
 vpopmail-toaster-5.4.17-1.3.4
 daemontools-toaster-0.76-1.2.8
 qmailadmin-toaster-1.2.9-1.2.12
 qmail-pop3d-toaster-1.03-1.2.9
 ezmlm-toaster-0.53.324-1.2.9
 maildrop-toaster-1.8.1-1.2.9
 squirrelmail-toaster-1.4.5-1.2.12
 ucspi-tcp-toaster-0.88-1.2.8
 ezmlm-cgi-toaster-0.53.324-1.2.9
 send-emails-toaster-0.5-1.2.7
 spamassassin-toaster-3.1.8-1.3.7
 autorespond-toaster-2.0.4-1.2.7
 isoqlog-toaster-2.1-1.2.8
 clamav-toaster-0.90.3-1.3.13
 
 # spamassassin -D --lint
 [22460] dbg: logger: adding facilities: all
 [22460] dbg: logger: logging level is DBG
 [22460] dbg: generic: SpamAssassin version 3.1.8
 [22460] dbg: config: score set 0 chosen.
 [22460] dbg: util: running in taint mode? yes
 [22460] dbg: util: taint mode: deleting unsafe environment variables,
 resetting PATH
 [22460] dbg: util: PATH included '/usr/kerberos/sbin', keeping
 [22460] dbg: util: PATH included '/usr/kerberos/bin', keeping
 [22460] dbg: util: PATH included '/usr/local/sbin', keeping
 [22460] dbg: util: PATH included '/usr/local/bin', keeping
 [22460] dbg: util: PATH included '/sbin', keeping
 [22460] dbg: util: PATH included '/bin', keeping
 [22460] dbg: util: PATH included '/usr/sbin', keeping
 [22460] dbg: util: PATH included '/usr/bin', keeping
 [22460] dbg: util: PATH included '/usr/X11R6/bin', keeping
 [22460] dbg: util: PATH included '/root/bin', which doesn't exist,
 dropping
 [22460] dbg: util: final PATH set to:
 /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin
 [22460] dbg: message:  MIME PARSER START 
 [22460] dbg: message: main message type: text/plain
 [22460] dbg: message: parsing normal part
 [22460] dbg: message: added part, type: text/plain
 [22460] dbg: message:  MIME PARSER END 
 [22460] dbg: dns: is Net::DNS::Resolver available? yes
 [22460] dbg: dns: Net::DNS version: 0.48
 [22460] dbg: diag: perl platform: 5.008005 linux
 [22460] dbg: diag: module installed: Digest::SHA1, version 2.07
 [22460] dbg: diag: module installed: IP::Country::Fast, version 604.001
 [22460] dbg: diag: module installed: Razor2::Client::Agent, version 2.82
 [22460] dbg: diag: module installed: Net::Ident, version 1.20
 [22460] dbg: diag: module installed: IO::Socket::INET6, version 2.51
 [22460] dbg: diag: module installed: IO::Socket::SSL, version 1.03
 [22460] dbg: diag: module installed: Time::HiRes, version 1.55
 [22460] dbg: diag: module installed: DBI, version 1.40
 [22460] dbg: diag: module installed: Getopt::Long, version 2.34
 [22460] dbg: diag: module installed: LWP::UserAgent, version 2.031
 [22460] dbg: diag: module installed: HTTP::Date, version 1.46
 [22460] dbg: diag: module installed: Archive::Tar, version 1.32
 [22460] dbg: diag: module installed: IO::Zlib, version 1.05
 [22460] dbg: diag: module installed: DB_File, version 1.809
 [22460] dbg: diag: module installed: HTML::Parser, version 3.35
 [22460] dbg: diag: module installed: MIME::Base64, version 3.01
 [22460] dbg: diag: module installed: Net::DNS, version 0.48
 [22460] dbg: diag: module installed: Net::SMTP, version 2.30
 [22460] dbg: diag: module installed: Mail::SPF::Query, version 1.999001
 [22460] dbg: ignore: using a test message to lint rules
 [22460] dbg: config: using /etc/mail/spamassassin for site rules pre
 files
 [22460] dbg: config: read file /etc/mail/spamassassin

RE: [qmailtoaster] QTPlus

2007-06-17 Thread chas
 Thanks for the efforts Jake, and the rest!

 The reason I'm looking for QTP is I have the latest QMT installed but the
 Clamd is being a CPU hog.  I saw a reference to a bug and updating to the
 latest Clam cures it.  I have the dev. Version of Clam toaster; 1.3.13.
 I'm
 pretty new to the Linux world so I'm not sure how to handle the upgrade.
 I
 stopped clamd then did an rpm -Uvh clamav-90.3-1.3.13.src.rpm.  It
 returned
 a 100% progress bar looking like it installed, but the version still comes
 back as 90.1.  What am I missing?

 I'm also running Symantec SMTP security for the scanning front end on
 separate servers.  When I start pushing mail from that into QMT, I get a
 bunch of errors back in Symantec saying the server temporarily rejected
 the
 message (missing end dot).  Once they start, mail literally dribbles into
 the QMT and I only have a couple small domains pointing to it.  I'm
 thinking
 it's the clam causing this?  I did stop clam but it doesn't seem to slow
 the
 errors so maybe not clam.

 Like I said, I'm new to the Linux world.  I am trying to convert to QMT
 after running Merak for about 10yrs.  If I can get this stabilized, I can
 get moving to the migration of about 100 domains and 300 users...  oh
 joy...

 Thanks again to all that provide support here.  I'm sure once I get this
 running I'll switch from asking to answering these questions.

 Phil





Phil,
  Those .src.rpm files aren't meant to be installed directly. If you look at
the main qmailtoaster page and scroll down you will see where they talk
about rebuilding them to fit your distro. This is what happens during
the automated install to all the packages. So, for instance, if you
wanted to upgrade clamav on a CentOS server you would need to first run
this command;

'rpmbuild --rebuild --with cnt40 clamav-90.3-1.3.13.src.rpm'

Then you would change to another directory where you would find the normal
.rpm file;

'cd /usr/src/redhat/RPMS/i386/'  (again, this is CentOS)

then run your install;

'rpm -Uvh clamav-90.3-1.3.13.rpm'

I would do this after shutting down qmail, then start qmail after

'qmailctl start'

there's another command to make sure the upgraded version of clamav
appears in email headers. I think it's;

'service qmail cdb'

regards,
Chas.





Re: [qmailtoaster] [Fwd: RE: 404 while getting RDJ updates?]

2007-06-07 Thread chas
Is Rules du Jour something that is 'on' by default with Qmail toaster or
is it an option you enable after the install?

Chas.

 For an update Looks like everyone should stop using Rules du Jour
 until further notice.


  Original Message 
 Subject:  RE: 404 while getting RDJ updates?
 Date: Thu, 7 Jun 2007 12:11:55 -0400
 From: Chris Santerre [EMAIL PROTECTED]
 To:   'Jim Maul' [EMAIL PROTECTED], [EMAIL PROTECTED]





   -Original Message-
   From: Jim Maul [mailto:[EMAIL PROTECTED]
   Sent: Thursday, June 07, 2007 12:02 PM
   To: [EMAIL PROTECTED]
   Subject: Re: 404 while getting RDJ updates?
  
  
   guenther wrote:
On Thu, 2007-06-07 at 17:45 +0200, Anders Norrbring wrote:
Anyone else getting 404 errors from RDJ lately?
   
Yes, this topic came up just a few hours ago. Probably a
   dDOS attack.
   
Please disable all RDJ till further notice.
   
  guenther
   
   
  
   I would imagine this is related to www.uribl.com and
   surbl.org  having
   issues as well.  Both are now pointing to 127.0.0.1 in what I would
   assume was an attempt to stop the attack.  Some spammer is
   pissed off it
   seems...

 It's true, scanners indicate Klingon war vessels approaching our sector.
 We've dropped out of warp due to overuse of the dilithium crystals.
 Federation starships have been called in for assistance. Scottie has
 given us more power, but is not sure she will hold together much
 longer.  All the while Ensign Alex won't stop dancing with a half naked
 green lady!

 Thanks,

 Chris Santerre
 SysAdmin and Spamfighter
 www.rulesemporium.com
 www.uribl.com










[qmailtoaster] Clamav upgrade to 0.90.3

2007-06-03 Thread chas
Well I've just been able to update with the ClamAV 0.90.3 package (on a
CentOS 4.5 box) and all is well so far. Could anyone tell me the command
to run to get Simscan to show the newer version in email headers?

Thanks,
Chas.





Re: [qmailtoaster] Clamav upgrade to 0.90.3

2007-06-03 Thread chas
That's got it, thanks.

Chas.

 service qmail cdb

 Erik

 On 6/3/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 Well I've just been able to update with the ClamAV 0.90.3 package (on a
 CentOS 4.5 box) and all is well so far. Could anyone tell me the command
 to run to get Simscan to show the newer version in email headers?

 Thanks,
 Chas.





Re: [qmailtoaster] How to run admin-toaster in HTTPS

2007-05-30 Thread chas
 Dear all,

 I try to turn my admin-toaster webpage to become a HTTPS page by
 changing
 my
 toaster.conf file.  But it turns out asking user name and password for
 every
 page.  Here's what my file looks like:


 Check in the archives - I remember a while ago someone posting some
 instructions on how to run Squirrelmail through HTTPS, and that may give
 you some good clues.



Squirrelmail uses a plugin for https, so it's a bit different. I'm not
sure how you would do it with the Toaster admin.

Chas





Re: [qmailtoaster] How-to get headers to display upgraded software.

2007-05-14 Thread chas
Just found the answer in the FAQ, sorry for the trouble! It appears to be
something similar for the different scanner;

'/var/qmail/bin/simscanmk -g'

regards,
Chas.

 Hi,
   Any way to get my headers to display the proper version of Clamav after
 a recent upgrade? I know that on the old qmailrocks we used to do
 something with the scanner database as below;

 'setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g'

 Any help appreciated.

 Thanks,
 Chas.





[qmailtoaster] How-to get headers to display upgraded software.

2007-05-14 Thread chas
Hi,
  Any way to get my headers to display the proper version of Clamav after
a recent upgrade? I know that on the old qmailrocks we used to do
something with the scanner database as below;

'setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g'

Any help appreciated.

Thanks,
Chas.

